b'                                      SOCIAL SECURITY\nMEMORANDUM\nDate:   September 23, 2003                                                       Refer To: 33266-23-502\n\nTo:     The Commissioner\n\nFrom:   Inspector General\n\nSubject: Top Management Challenges\xe2\x80\x94Fiscal Year 2004\n\n\n\n        The Reports Consolidation Act of 2000 requires that we summarize for inclusion in the Social\n        Security Administration\xe2\x80\x99s (SSA) Performance and Accountability Report, our perspective on the\n        most serious management and performance challenges facing SSA. The challenges in Fiscal\n        Year (FY) 2004 have not changed substantially from FY 2003. However, we consolidated\n        several related areas to more effectively cover these areas. The top management issues facing\n        SSA in FY 2004, as determined by the Office of the Inspector General, are: Social Security\n        Number Integrity and Protection, Management of the Disability Process, Improper Payments,\n        Budget Performance and Integration, Critical Infrastructure Protection and Systems Security, and\n        Service Delivery.\n\n        These areas are dynamic, so we encourage continuous feedback and additional study\n        suggestions. This flexibility enables us to meet emerging and critical issues evolving in the\n        upcoming year. Our summary of SSA\xe2\x80\x99s progress in addressing these challenges (see attached)\n        will be included in the Fiscal Year 2004 Performance and Accountability Report.\n\n        If you have any questions or need additional information, please call me or have your staff\n        contact Steven L. Schaeffer, Assistant Inspector General for Audit, at (410) 965-9700.\n\n\n\n\n                                                            James G. Huse, Jr.\n\n        Attachment\n\n        cc:\n        James B. Lockhart\n        Larry Dye\n        Larry Love\n\x0cTOP MANAGEMENT\n     CHALLENGES\n\n\n\n FISCAL YEAR 2004\n\x0cT      he Reports Consolidation Act of 20001\n       requires that we summarize, for\n       inclusion in the Social Security\nAdministration\xe2\x80\x99s (SSA) Performance and\n                                                The Office of the Inspector General (OIG)\n                                                believes the management challenges facing\n                                                SSA in FY 2004 are as follows.\n\nAccountability Report, our perspective on the\nmost serious management and performance\nchallenges facing SSA.\n\nThe challenges facing SSA management in                  TOP MANAGEMENT\nFiscal Year (FY) 2004 have not changed\nsubstantially from FY 2003. However, we                    CHALLENGES\nconsolidated several related areas to more\n                                                   Social Security Number Integrity\neffectively cover these areas. For example,\nSocial Security Number Integrity and               and Protection\nProtection now covers the former areas of          Management of the Disability\nHomeland Security, Social Security Number\n(SSN) Integrity and Misuse, and Integrity of\n                                                   Process\nthe Earnings Reporting Process. Our Service        Improper Payments\nDelivery issue area now includes Human\nCapital, E-Government, and representative          Budget and Performance\npayee issue areas. We also eliminated the          Integration\nFraud Risk issue area since potentially there\nare elements of fraud risk in each management      Critical Infrastructure Protection\nchallenge.                                         and Systems Security\n                                                   Service Delivery\n\n\n\n\n1\n    Pub. L. No. 106-531.\n\n\n                                  Top Management Challenges\n                                             1\n\x0c S      ince 1997, we have provided our\n        perspective on these management\n        challenges to Congress, SSA and other\n key decisionmakers. In developing this year\xe2\x80\x99s\n                                                        \xe2\x80\xa2\n\n\n\n                                                        \xe2\x80\xa2\n                                                            SSA\xe2\x80\x99s progress in responding to the Office\n                                                            of Management and Budget\xe2\x80\x99s (OMB)\n                                                            Scorecard,\n                                                            the Inspector General\xe2\x80\x99s Strategic Plan,\n list, we considered the four initiatives the\n Commissioner has identified as priorities:             \xe2\x80\xa2   the high-risk list prepared by the General\n Service, Stewardship, Solvency, and Staff.                 Accounting Office (GAO), and\n\n We also reviewed                                       \xe2\x80\xa2   our body of audit and investigative work.\n\n \xe2\x80\xa2   the most significant issues as outlined in the     Finally, we prepared a crosswalk to ensure\n     President\xe2\x80\x99s Management Agenda (PMA),               there was no disconnect or gap among those\n                                                        reviewing SSA\xe2\x80\x99s programs and operations.\n\n\n\n              Crosswalk of PMA to Commissioner Priorities, OIG Management Challenges,\n Crosswalk of Presidential Management Agenda (PMA) to Commissioner Priorities, Office of the Inspector\n                        Social Security\n         General Management             Advisory\n                               Challenges,         Board,Advisory\n                                           Social Security and GAO  Challenges\n                                                                  Board, and GAO Challenges\n     PMA         Commissioner     OIG Major Management           Social Security     GAO Performance and\n     PMA            Priorities         Challenges                Advisory Board     Accountability Challenges\nExpanded         Service         Service Delivery               Service to the      Service Delivery\nElectronic                                                      Public\nGovernment                       \xe2\x88\x92 E-Government                                     Improve the DDS\n                                                                                                Disability\n                                                                                                     Process\n                                                                                    Determination Service\n                                                                                    and Return to Work\n                                 \xe2\x88\x92 Representative\n                                   Rep Payee      Payee                             Process and Return to Work\n                                 \xe2\x88\x92 Human Capital\n                                 Management of the\n                                                                Disability Reform   Disability\n                                                                                    DI\xe2\x80\x94High Insurance\xe2\x80\x94\n                                                                                               Risk\n                                 Disability Process\n                                                                                    High Risk\nImproved         Stewardship     Improper Payments              Social Security     Supplemental Security\nImproved         Stewardship     Improper Payments              SSN Case            Supplemental Security\nFinancial                                                       Number Case         Income*\nFinancial                        Critical Infrastructure        Handling Quality    Income\nPerformance      Solvency        Critical Infrastructure        Handling Quality\nPerformance      Solvency        Protection/Systems Security                        Information Security\n                                 Protection and Systems         SSN Misuse          Information Security\nCompetitive                                                     SSN Misuse\nCompetitive                      SSN Integrity and Protection\n                                 Security\nSourcing                         (Homeland Security and\nSourcing                         SSN Integrity and Protection\n                                 Earnings)\nBudget and                       Budget Performance and\nBudget and                       Budget Performance and\nPerformance                      Integration\nPerformance                      Integration\nIntegration\nIntegration\nStrategic        Staffing        Service Delivery               Staffing            Human Capital\nStrategic        Staff           Service Delivery               Staffing            Human Capital\xe2\x80\x94High Risk\nManagement                                                      \xe2\x88\x92 Hiring\nManagement                       \xe2\x88\x92 Human Capital                \xe2\x88\x92 Hiring\nof Human                         \xe2\x88\x92 Human Capital                \xe2\x88\x92 Training\nof Human                                                        \xe2\x88\x92 Training\nCapital                                                         \xe2\x88\x92 Management\nCapital                                                         \xe2\x88\x92 Management\n                                                                \xe2\x88\x92 Measurement\n                                                                \xe2\x88\x92 Work\n                                                                  Measurement\n\n\n\n\n                                     Top Management Challenges\n                                                2\n\x0c   SOCIAL SECURITY NUMBER                         enumeration process. Likewise, additional\n                                                  techniques, such as data mining, biometrics,\n  INTEGRITY AND PROTECTION                        and enhanced systems controls, are critical in\n   In FY 2002, SSA issued about 18 million        the fight against SSN misuse.\noriginal and replacement SSN cards, and SSA\n    received approximately $524 billion in        To effectively combat SSN misuse, we\n employment taxes related to earnings under       believe SSA should\n                issued SSNs.\n                                                  \xe2\x80\xa2   establish a reasonable threshold for the\nThe SSN is the single most widely used                number of replacement SSN cards an\nidentifier for Federal and State governments          individual may obtain during a year and\nas well as the private sector. In FY 2002,            over a lifetime,\nSSA issued about 18 million original and          \xe2\x80\xa2   expedite systems controls that would\nreplacement SSN cards, and SSA received               interrupt SSN assignment when SSA\napproximately $524 billion in employment              mails multiple cards to common addresses\ntaxes related to earnings under issued SSNs.          or when parents claim an improbably\nProtecting the SSN and properly posting the           large number of children,\nwages reported under SSNs are critical to\nensuring eligible individuals receive the full    \xe2\x80\xa2   continue to address identified weaknesses\nretirement, survivor and/or disability benefits       within its information security\ndue them.                                             environment to better safeguard SSNs,\n                                                      and\nUnfortunately, the SSN is often misused.          \xe2\x80\xa2   continue to educate SSA staff about\nAnd identity theft is not just about                  counterfeit documents.\nindividuals. While being the immediate\nvictim of identity theft and SSN misuse can       Integrity of the Earnings Process\ncause individuals years of difficulty, it also\nbrings cost to financial and commercial           The integrity of the SSN is also related to\ninstitutions, which is ultimately passed on to    SSA\xe2\x80\x99s process for posting workers\xe2\x80\x99 earnings.\nconsumers. Worse yet, SSN misuse can              The proper posting of earnings ensures that\ndisguise a dangerous felon or a would-be          eligible individuals receive the full retirement,\nterrorist as a law-abiding citizen. That de       survivor and/or disability benefits due them.\nfacto national identifier can provide a           If earnings information is reported incorrectly\ncriminal the identification and seeming           or not reported at all, SSA cannot ensure all\nlegitimacy he or she needs to go about            eligible individuals are receiving the correct\nnefarious business, perhaps putting dozens,       payment amounts. In addition, SSA\xe2\x80\x99s\nhundreds, or even thousands of lives in           disability programs under the Disability\njeopardy.                                         Insurance (DI) and Supplemental Security\n                                                  Income (SSI) provisions depend on this\nProtecting the Social Security Number             earnings information to determine (1) whether\n                                                  an individual is eligible for benefits and\nTo ensure the integrity of the SSN, SSA must      (2) the size of the disability payment.\nfocus on three stages of protection: (1) when\nthe SSN card is issued, (2) during the life of    SSA spends scarce resources trying to correct\nthe SSN cardholder, and (3) upon the SSN          the earnings data when incorrect information\ncardholder\xe2\x80\x99s death. Furthermore, SSA must         is reported. The Earnings Suspense File\nemploy effective front-end controls in its        (ESF) is the Agency\xe2\x80\x99s record of annual wage\n\n                                  Top Management Challenges\n                                             3\n\x0creports for which wage earners\xe2\x80\x99 names and        \xe2\x80\xa2   locating systemic weaknesses that\nSSNs fail to match SSA\xe2\x80\x99s records. Between            contribute to SSN misuse, such as in the\n1937 and 2000, the ESF grew to represent             enumeration and earnings-related\nabout $374 billion in wages, which included          processes;\napproximately 236 million wage items with\n                                                 \xe2\x80\xa2   recommending legislative or other\nan invalid name and SSN combination. As of\n                                                     corrective actions to ensure the SSN\xe2\x80\x99s\nJuly 2002, SSA had posted 9.6 million wage\n                                                     integrity; and\nitems to the ESF for Tax Year 2000,\nrepresenting about $49 billion in wages.         \xe2\x80\xa2   pursuing criminal and civil enforcement\n                                                     provisions for individuals misusing SSNs.\nWhile SSA has limited control over the\nfactors that cause the volume of erroneous       This Team will also partner with external\nwage reports submitted each year, there are      private and public sector organizations not\nstill areas where SSA can improve its            only to educate, but to pursue mutually\nprocesses. SSA can improve wage reporting        beneficial activities to prevent and detect\nby educating employers on reporting criteria,    fraudulent use of SSNs.\nidentifying and resolving employer reporting\nproblems, and encouraging greater use of the\nAgency\xe2\x80\x99s SSN verification programs. SSA\nalso needs to improve coordination with other\nFederal agencies with separate, yet related,\nmandates. For example, SSA\xe2\x80\x99s ability to\nimprove wage reporting is related to the\nInternal Revenue Service\xe2\x80\x99s failure to sanction\nemployers for submitting invalid wage data.\nIt is also related to the complicated employer\nprocedures the Bureau of Citizenship and\nImmigration Services uses to verify eligible\nemployees.\n\nSocial Security Number Integrity Protection\nTeam\n\nFinally, pending funding, we will be\nestablishing an SSN Integrity Protection\nTeam (Team) to address the escalating issue\nof SSN misuse. The Team is an integrated\napproach that combines the talents of our\nauditors, investigators, computer specialists,\nanalysts, and attorneys. In addition to\nsupporting homeland security initiatives, the\nTeam will focus its efforts on\n\xe2\x80\xa2   identifying patterns and trends of SSN\n    misuse;\n\n\n\n\n                                  Top Management Challenges\n                                             4\n\x0c       MANAGEMENT OF THE                            \xe2\x80\xa2   legislation or Federal regulations rescind a\n                                                        prior disabling condition from qualifying\n       DISABILITY PROCESS                               for benefits,\n  SSA has tested several improvements to the        \xe2\x80\xa2   a child turns 18 years old and is no longer\n    disability claims process. To date, these           considered disabled under adult criteria,\n   initiatives have not resulted in significant\n improvement. In January 2003, GAO added            \xe2\x80\xa2   an individual returns to work and has\n     the modernizing of Federal disability              income over SSA\xe2\x80\x99s allowable amount, or\n     programs, to include SSA\xe2\x80\x99s disability          \xe2\x80\xa2   a continuing disability review shows the\n          programs, to its high-risk list.              individual is no longer disabled.\nSSA administers the DI and SSI programs             SSA\xe2\x80\x99s Office of Hearings and Appeals\nthat provide benefits based on disability.          (OHA) is responsible for holding hearings\nMost disability claims are initially processed      and issuing decisions in SSA\xe2\x80\x99s appeals\nthrough a network of Social Security field          process. OHA\xe2\x80\x99s field structure consists of\noffices and State Disability Determination          10 regional offices and 140 hearing offices.\nServices (DDS). SSA representatives in the          Administrative law judges (ALJ) hold\nfield offices are responsible for obtaining         hearings and issue decisions in hearing offices\napplications for disability benefits and            nationwide. In FY 2002, hearing offices\nverifying non-medical eligibility                   processed over 500,000 cases, and the\nrequirements, which may include age,                average processing time was 336 days.\nemployment, marital status, or Social Security\ncoverage information. After initial                 The Appeals Council is the final level of\nprocessing, the field office sends the case to a    administrative review for claims filed under\nDDS for evaluation of disability.                   SSA\xe2\x80\x99s disability programs. The Appeals\n                                                    Council reviews ALJ decisions and dismissals\nThe DDSs, which SSA fully funds, are State          upon the claimant\xe2\x80\x99s timely request for review.\nagencies responsible for developing medical         In FY 2002, the Appeals Council processed\nevidence and rendering the determination of         115,467 cases, and the average processing\nwhether the claimant is disabled or blind.          time was 412 days.\nAfter the DDS makes the disability\ndetermination, it returns the case to the field     Over the last several years, SSA has tested\noffice for appropriate action depending on          improvements to the disability claims process\nwhether the claim is allowed or denied. In          as a result of concerns about the timeliness\nFY 2002, over 2 million initial disability          and quality of customer service. The\nclaims were processed, and the average              disability improvements combine initiatives\nprocessing time was 104 days.                       that have been tested and piloted and include\n                                                    all levels of eligibility determination\xe2\x80\x94\nOnce SSA establishes an individual is eligible      beginning with State DDSs and going through\nfor disability benefits under either the DI or      the hearings and appeals processes.\nSSI program, the Agency turns its efforts\ntoward ensuring the individual continues to\nreceive benefits only as long as SSA\xe2\x80\x99s\neligibility criteria are met. Disability benefits\nwill not continue if any of the following\noccur:\n\n\n                                   Top Management Challenges\n                                              5\n\x0c                                                   disabled individuals to ensure those\nTo date, these initiatives have not resulted in\n                                                   individuals who are no longer disabled are\nsignificant improvements in the disability\n                                                   removed from the disability roles.\nclaims process, and, in January 2003, GAO\nadded the modernizing of Federal disability        SSA, in conjunction with our office, has taken\nprograms, including SSA\xe2\x80\x99s, to its 2003 high-       an active role in addressing the integrity of\nrisk list. The Commissioner recently               the disability programs through the\nannounced several decisions on the future of       Cooperative Disability Investigations (CDI)\nSSA\xe2\x80\x99s disability process. This included the        program. The CDI program\xe2\x80\x99s mission is to\nCommissioner\xe2\x80\x99s decisions to                        obtain evidence that can resolve questions of\n                                                   fraud in SSA\xe2\x80\x99s disability programs. SSA\xe2\x80\x99s\n\xe2\x80\xa2   pursue the expansion of the Single-\n                                                   Offices of Operations, Disability Programs,\n    Decision Maker authority nationwide,\n                                                   and Disability Determinations along with the\n\xe2\x80\xa2   end the requirements for the claimant          OIG manage the CDI program. There are\n    conference in sites testing the prototype      17 CDI units operating in 16 States. From\n    disability process,                            October 1, 2002 through March 31, 2003, the\n                                                   CDI units saved SSA about $44 million by\n\xe2\x80\xa2   evaluate the elimination of the                identifying fraud and abuse in the disability\n    reconsideration level of the claims process    program before benefits were paid.\n    nationwide,\n\n\xe2\x80\xa2   make additional improvements to the\n    hearings process, and\n\n\xe2\x80\xa2   implement an Electronic Disability\n    System by 2004.\n\nSSA reports that its short-term initiatives have\nimproved the hearings process. The short-\nterm initiatives include expedited techniques\nfor the review of cases and technology\nenhancements designed to improve the\ntimeliness of decisions. Furthermore, SSA\nexpects the electronic disability system to\nprovide OHA a more efficient and effective\ncase processing system when implemented.\n\nDisability Fraud\n\nFraud is an inherent risk in SSA\xe2\x80\x99s disability\nprograms. Some unscrupulous people view\nSSA\xe2\x80\x99s disability benefits as money waiting to\nbe taken. A key risk factor in the disability\nprogram is individuals who feign or\nexaggerate symptoms to become eligible for\ndisability benefits. Another key risk factor is\nthe monitoring of medical improvements for\n\n                                  Top Management Challenges\n                                             6\n\x0c       IMPROPER PAYMENTS                         Under this law, agencies that administer\n                                                 programs where the risk of erroneous\nDetermining and paying accurate and timely       payments is significant2 must estimate their\nprogram benefits are primary commitments of      annual amount of improper payments and\nSSA, along with good stewardship of the trust    report this information in their Performance\n    fund and the General Revenue fund.           and Accountability Report for FYs ending on\nSSA is responsible for issuing benefit           or after September 30, 2004. OMB will use\npayments under the Old-Age, Survivors, and       this information while working with the\nDisability Insurance (OASDI) and SSI             agencies to establish goals for reducing\nprograms. In FY 2002, SSA issued                 erroneous payments for each program.\n$483 billion in benefit payments to\n53.1 million beneficiaries. Considering the      SSA and the OIG have had on-going\nvolume and amount of payments SSA makes          discussions on improper payments\xe2\x80\x94on such\neach month, even the slightest error in the      issues as detected vs. undetected improper\noverall process can result in millions of        payments and avoidable overpayments vs.\ndollars in over- or underpayments.               unavoidable overpayments which are outside\n                                                 the Agency\xe2\x80\x99s control and a \xe2\x80\x9ccost of doing\nImproper payments are defined as payments        business.\xe2\x80\x9d In August 2003, OMB issued\nthat should not have been made or were made      specific guidance to SSA to only include\nfor incorrect amounts. Examples of improper      avoidable overpayments in the Agency\xe2\x80\x99s\npayments include inadvertent errors,             improper payment estimate because these\npayments for unsupported or inadequately         payments could be reduced through changes\nsupported claims, payments for services not      in administrative actions. Unavoidable\nrendered, or payments to ineligible              overpayments that result from legal or policy\nbeneficiaries. The risk of improper payments     requirements are not to be included in SSA\xe2\x80\x99s\nincreases in programs with (1) a significant     improper payment estimate.\nvolume of transactions, (2) complex criteria\nfor computing payments, and/or (3) an            In September 2003, the OIG issued an Issue\noveremphasis on expediting payments. Since       Paper on improper payments\xe2\x80\x94where we\nSSA is responsible for issuing timely benefit    analyzed overpayments from SSA, other\npayments for complex entitlement programs        Federal agencies, and private sector disability\nto over 50 million individuals, SSA is at-risk   insurers. Based on this work, we plan to\nof making significant improper payments.         initiate a comprehensive and statistically valid\n                                                 review in FY 2004 to quantify the amount of\nThe President and Congress have expressed        undetected overpayments SSA\xe2\x80\x99s disability\ninterest in measuring the universe of improper   programs\xe2\x80\x94with a focus on the four diagnosis\npayments within the Government.                  groups we believe (based on prior audit and\nSpecifically, in August 2001, OMB published      investigative work) are problematic.\nthe FY 2002 PMA, which included a                Additionally, preliminary results from one of\nGovernment-wide initiative for improving         our audits at the end of FY 2003 show\nfinancial performance. In November 2002,         significant overpayments\xe2\x80\x94related to earnings\nthe Improper Payments Information Act of         by disabled beneficiaries\xe2\x80\x94went undetected\n2002 was enacted, and OMB issued guidance        by SSA. This work and other studies\xe2\x80\x94such\nin May 2003 on implementing this new law.\n                                                 2\n                                                  OMB defines significant overpayments as annual\n                                                 overpayments that exceed both 2.5 percent of program\n                                                 payments and $10 million.\n\n                                 Top Management Challenges\n                                            7\n\x0cas one to assess whether overpayment waivers\nwere appropriate\xe2\x80\x94will be completed and/or\ninitiated in FY 2004 and beyond to address\nthe issue of improper payments.\n\nSSA has undertaken many projects to identify\nand improve areas where it could do more to\nreduce improper payments and/or recover\namounts overpaid. Specifically, SSA has\nbeen working to improve its ability to prevent\nover- and underpayments by obtaining\nbeneficiary information from independent\nsources sooner and/or using technology more\neffectively. In this regard, SSA has initiated\nnew computer matching agreements, obtained\non-line access to wage and income data, and\nimplemented improvements in its debt\nrecovery program.\n\nWorking with SSA, we have made great\nstrides in reducing benefit payments to\nprisoners and SSI payments to fugitive felons,\nand these efforts continue. However,\nimproper payments, including those to\ndeceased beneficiaries, students, and\nindividuals receiving State workers\xe2\x80\x99\ncompensation benefits, continue to drain the\nSocial Security trust fund.\n\n\n\n\n                                 Top Management Challenges\n                                            8\n\x0c  BUDGET AND PERFORMANCE                         In accordance with GPRA, SSA has set forth\n                                                 its mission and strategic goals in 5-year\n       INTEGRATION                               strategic plans, established yearly targets in its\n  Our work has demonstrated that SSA is          annual performance plans, and reported on its\n generally committed to the production and       performance in its annual performance\n use of reliable performance and financial       reports. Each year, we conduct audits to\n management data, but some improvements          assess the reliability of SSA\xe2\x80\x99s performance\n   would further enhance SSA\xe2\x80\x99s ability to        data and evaluate the extent to which SSA\xe2\x80\x99s\n     produce accurate and actionable             performance plan describes its planned and\n         management information.                 actual performance meaningfully.\nThis area encompasses SSA\xe2\x80\x99s efforts to           In addition to performance audits, we perform\nprovide timely, useful and reliable data to      and monitor audits of SSA\xe2\x80\x99s financial\nassist internal and external decisionmakers in   statements and other financial-related audits\neffectively managing Agency programs, as         of SSA\xe2\x80\x99s operations. Our work includes\nwell as both evaluating performance and          comprehensive technical and administrative\nensuring the validity and reliability of         oversight of the annual audit of SSA\xe2\x80\x99s\nperformance, budgeting, and financial data.      financial statements, performed by an\n                                                 independent public accountant. We also\nTo effectively meet its mission, manage its      perform reviews of the quality of single audits\nprograms, and report on its performance, SSA     conducted by State auditors and public\nneeds sound performance and financial data.      accounting firms. Additionally, we conduct\nCongress, other external interested parties,     administrative cost audits of State DDSs,\nand the general public also want sound data to   which assist SSA with its disability workload.\nmonitor and evaluate SSA\xe2\x80\x99s performance.          This body of work helps assess the validity\nSSA relies primarily on internally generated     and reliability of the financial data SSA relies\ndata to manage the information it uses to        on to manage its programs and meet its\nadminister its programs and report to            mission.\nCongress and the public. The necessity for\ngood internal data Governmentwide has            The integrity of SSA\xe2\x80\x99s programs and those\nresulted in the passage of several laws and      that rely on information from SSA depend on\nregulations to make Government more              the reliability and quality of the Agency\xe2\x80\x99s\naccountable. The Chief Financial Officers        data. External data and data exchanges are\nAct of 1990, as amended; the Government          critical to SSA\xe2\x80\x99s programs and are the focus\nManagement Reform Act of 1994; and the           of many of our audits. Therefore, it is\nGovernment Performance and Results Act           imperative that SSA\xe2\x80\x99s data be reliable.\n(GPRA) were passed to create an\nenvironment of greater accountability within     Considering the critical role of the underlying\nFederal agencies.                                data in all of SSA\xe2\x80\x99s performance, financial,\n                                                 and data-sharing activities, it is crucial that\n                                                 the Agency have clear processes in place to\n                                                 ensure the reliability and integrity of its data.\n\n\n\n\n                                 Top Management Challenges\n                                            9\n\x0c     CRITICAL INFRASTRUCTURE                      Presidential Decision Directive 63, issued in\n                                                  1998, requires that Federal agencies identify\n     PROTECTION AND SYSTEMS                       and protect their critical infrastructure and\n             SECURITY                             assets. The information SSA needs to\n    SSA\xe2\x80\x99s information security challenge is to    conduct its mission is one of its most valuable\n        understand and mitigate system            assets. The Agency is depending on\n                vulnerabilities.                  technology to meet the challenges of\n                                                  increasing workloads with fewer resources. A\nThe Government has a major responsibility         physically and technologically secure Agency\nfor public health and safety. Dramatic and        information infrastructure is a fundamental\nwidespread harm would result should its           requirement.\nsystems be compromised. Therefore, it is\nimperative that the Nation\xe2\x80\x99s critical             Growth in computer interconnectivity brings a\ninformation infrastructure, which is essential    heightened risk of disrupting or sabotaging\nto the operations of the economy and              critical operations, reading or copying\nGovernment, be protected. These systems           sensitive data, and tampering with critical\ninclude, but are not limited to the following.    processes. Those who wish to disrupt or\n                                                  sabotage critical operations have more tools\n\xe2\x80\xa2     Telecommunications                          than ever.\n\xe2\x80\xa2     Energy                                      SSA\xe2\x80\x99s information security challenge is to\n\xe2\x80\xa2     Banking and finance                         understand and mitigate system\n                                                  vulnerabilities. At SSA, this means ensuring\n\xe2\x80\xa2     Transportation                              its critical information infrastructure, such as\n                                                  access to the Internet and the networks, is\n\xe2\x80\xa2     Water systems\n                                                  secure. By improving systems security and\n\xe2\x80\xa2     Facility and personnel security             controls, SSA will be able to use current and\n                                                  future technology more effectively to fulfill\n\xe2\x80\xa2     Emergency services, both Federal and        the public\xe2\x80\x99s needs. The public will not use\n     private sector                               electronic access to SSA services if it does\n                                                  not believe those systems are secure.\nMany of the Nation\xe2\x80\x99s critical infrastructures\nhave historically been physically and logically   SSA addresses critical information\nseparate systems that had little                  infrastructure and systems security in a\ninterdependence. Through advances in              variety of ways. It created a Critical\ninformation technology and improved               Infrastructure Protection work group that\nefficiency, however, these infrastructures        continually works toward compliance with\nhave become increasingly automated and            Presidential Decision Directive 63. SSA has\ninterconnected. These same advances have          several other components throughout the\ncreated new vulnerabilities to equipment          organization that handle systems security\nfailures, human error, weather and other          including the newly created Office of\nnatural disasters, and physical cyber-attacks.    Information Technology Security Policy\n                                                  within the Office of the Chief Information\nAddressing these vulnerabilities will require     Officer. SSA also routinely releases out\nflexible, evolutionary approaches that span       security advisories to its employees and has\nthe public and private sectors and protect both   hired outside contractors to provide expertise\ndomestic and international security.              in this area.\n\n\n                                  Top Management Challenges\n                                            10\n\x0c                                                  By 2005, SSA is expected to make 60 percent\n          SERVICE DELIVERY                        of its customer-initiated services available\n     Given the complexity of the Agency\xe2\x80\x99s         through automated telephone services or the\nprograms, the billions of dollars in payments     Internet. The Agency recently began\nat stake, and the millions of citizens who rely   allowing the public to file DI claims through\non SSA, we must ensure that quality, timely,      the Internet to help achieve its service\n  and appropriate services are consistently       delivery goals. SSA expects to begin a\n       provided to the public-at-large.           nation-wide roll-out of its Electronic\nThe delivery of service to the American           Disability System in 2004. There are always\npeople poses a significant challenge that SSA     risks involved in conducting electronic\nis compelled to address. The Agency\xe2\x80\x99s goal        commerce, despite the Agency\xe2\x80\x99s efforts to\nof \xe2\x80\x9cservice\xe2\x80\x9d encompasses traditional and          identify and mitigate them. SSA will have to\nelectronic services to applicants for benefits,   keep privacy and security concerns at the\nbeneficiaries and the general public. It also     forefront of its planning efforts.\nincludes services to and from States, other\nagencies, third parties, employers, and other     Representative Payee Challenges\norganizations including financial institutions\n                                                  A specific challenge in this area is\nand medical providers. This goal supports the\n                                                  maintaining the integrity of the representative\ndelivery of \xe2\x80\x9ccitizen-centered\xe2\x80\x9d services and\n                                                  payee process. When SSA determines a\nuse of \xe2\x80\x9cE-Government,\xe2\x80\x9d and therefore affords\n                                                  beneficiary cannot manage his/her benefits,\nSSA opportunities to advance these levels of\n                                                  SSA selects a representative payee, who must\nservice. Given the complexity of the\n                                                  use the payments for the beneficiary\xe2\x80\x99s benefit.\nAgency\xe2\x80\x99s programs, the billions of dollars in\n                                                  There are about 5.3 million representative\npayments at stake, and the millions of citizens\n                                                  payees who manage benefit payments for\nwho rely on SSA, we must ensure that\n                                                  6.7 million beneficiaries. While\nquality, timely, and appropriate services are\n                                                  representative payees provide a valuable\nconsistently provided to the public-at-large.\n                                                  service for beneficiaries, SSA must provide\nE-Government Challenges                           appropriate safeguards to ensure they meet\n                                                  their responsibilities to the beneficiaries they\nThe PMA also calls for improved service           serve.\ndelivery through the use of E-Government in\ncreating more cost-effective and efficient\nways to provide service to citizens. The\nincreased use of E-Government will be\nessential to help address the Agency\xe2\x80\x99s\nexpected future loss of institutional\nknowledge accompanied by the increased\nservices expected with the aging of the baby-\nboom generation. Future service delivery\nchallenges include providing electronic\nservices over the Internet and telephone,\n24 hours a day, 7 days a week. It will be the\nnorm for business transactions to be\nprocessed electronically.\n\n\n\n                                 Top Management Challenges\n                                            11\n\x0cSince FY 2001, we have completed numerous        At current staffing levels, SSA finds it\naudits of representative payees. Our audits      difficult to maintain an acceptable level of\nidentified                                       service, especially in its most complicated\n                                                 workloads. After downsizing and curtailing\n\xe2\x80\xa2   deficiencies with the financial              investments in human capital (people), the\n    management of, and accounting for,           Government is facing a major challenge to\n    benefit receipts and disbursements;          meet the current and emerging needs of the\n                                                 Nation\xe2\x80\x99s citizens.\n\xe2\x80\xa2   vulnerabilities in the safeguarding of\n    beneficiary payments;\n\n\xe2\x80\xa2   poor monitoring and reporting to SSA of\n    changes in beneficiary circumstances;\n\n\xe2\x80\xa2   inappropriate handling of beneficiary-\n    conserved funds; and\n\n\xe2\x80\xa2   improper charging of fees.\n\nHuman Capital Challenges\n\nMany agencies, including SSA, share the\nchallenge to address human capital shortfalls.\nThe critical loss of institutional skills and\nknowledge, combined with greatly increased\nworkloads at a time when the baby-boom\ngeneration will require its services, must be\naddressed by succession planning, strong\nrecruitment efforts, and the effective use of\ntechnology as previously discussed.\n\nIn January 2001, GAO added strategic human\ncapital management to its list of high-risk\nFederal programs and operations. By 2010,\nworkloads are anticipated to increase to\nunprecedented volumes. Along with the\nworkload increase, the incredible pace of\ntechnological change will have a profound\nimpact on both the public\xe2\x80\x99s expectations and\nSSA\xe2\x80\x99s ability to meet those expectations.\n\n\n\n\n                                  Top Management Challenges\n                                            12\n\x0c'